AWS SNS
Send SMS and push notifications using AWS Simple Notification Service [BETA]
The AWS SNS integration allows you to send authentication notifications using Amazon Simple Notification Service, providing SMS and push notification capabilities through your own AWS account.
Prerequisites
- AWS account with SNS access
- SNS topic created in your desired region
- IAM permissions configured for SendAuth to publish to your topic
Configuration
AWS SNS configuration is limited to users with the admin role.
Navigate to Settings → AWS SNS
Required Fields
Enable AWS SNS Integration
- Check this box to activate SNS for your organization
SNS Topic ARN
- The ARN of your SNS topic
- Format:
arn:aws:sns:us-east-1:123456789012:sendauth-notifications - Find in AWS Console → SNS → Topics
AWS Region
- The region where your SNS resources are located
- Example:
us-east-1,eu-west-1 - Must match your topic’s region
Platform Application ARN (if push enabled)
- The ARN of your SNS Platform Application
- Format:
arn:aws:sns:us-east-1:123456789012:app/GCM/MyApp - Required for push notifications (iOS APNS, Android FCM/GCM)
IAM Configuration
SendAuth Role ARN
SendAuth provides an IAM role ARN that you must authorize to publish to your SNS topic. Find this at the top of the AWS SNS settings page.
Topic Policy
Add this policy to your SNS topic to allow SendAuth to publish messages:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "<SENDAUTH_ROLE_ARN>"
},
"Action": "SNS:Publish",
"Resource": "<YOUR_TOPIC_ARN>"
}
]
}
Replace:
<SENDAUTH_ROLE_ARN>with the role ARN shown in SendAuth settings<YOUR_TOPIC_ARN>with your SNS topic ARN
Applying the Policy
You can add this policy using:
AWS Console:
- Navigate to SNS → Topics
- Select your topic
- Go to Access policy tab
- Edit JSON policy and add the statement above
AWS CLI:
aws sns set-topic-attributes \
--topic-arn <YOUR_TOPIC_ARN> \
--attribute-name Policy \
--attribute-value file://policy.json
Terraform:
resource "aws_sns_topic_policy" "sendauth" {
arn = aws_sns_topic.notifications.arn
policy = jsonencode({
Version = "2012-10-17"
Statement = [{
Effect = "Allow"
Principal = {
AWS = "<SENDAUTH_ROLE_ARN>"
}
Action = "SNS:Publish"
Resource = aws_sns_topic.notifications.arn
}]
})
}
Message Template
Customize the SMS message template at Settings → Templates → SMS Template.
Available Variables
{{LINK}}- Authentication link (required){{REQUESTOR}}- Who made the request{{MESSAGE}}- Custom message from requestor
How It Works
When a user with SMS enabled receives an authentication request:
- SendAuth publishes a message to your SNS topic
- SNS delivers the message via your configured subscriptions
- For SMS: Message is sent to the user’s phone number
- For push: Message is sent to registered mobile devices
- User clicks the link to authenticate
- Transaction updates in real-time
Architecture
SendAuth → Assumes Role → Publishes to SNS Topic → Subscribers
├─ SMS
├─ Email
└─ Push
Pricing
- SNS usage is billed directly by AWS to your account
- SendAuth does not charge additional fees for SNS integration
- Pricing varies by message type and region
- Review AWS SNS pricing: https://aws.amazon.com/sns/pricing/
Status Monitoring
The integration status indicator shows:
- Success - Last message was published successfully
- Error - Recent publish failure with error details
- Not yet invoked - Integration configured but not yet used
Troubleshooting
Permission denied errors
- Verify the topic policy includes SendAuth’s role ARN
- Check the ARN is copied correctly (no extra spaces)
- Ensure the policy is attached to the correct topic
- Verify the topic is in the specified region
Topic not found errors
- Verify the topic ARN is correct
- Ensure the region matches the topic’s region
- Check the topic exists and is active
Disabling AWS SNS
To stop using SNS and return to SendAuth’s default providers:
- Navigate to Settings → AWS SNS
- Uncheck Enable AWS SNS Integration
- Click Save